CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspxUS-CERT published an advisory on XPSP2 the other day. Main statement – “Microsoft Windows XP Service Pack 2 (SP2) significantly improves your computer's defenses against attacks and vulnerabilities.” They specifically talked about IE changes, includingen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875) IEBlog CERT Advisory on XPSP2 significantly improves your | Wood TV Standhttp://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#9672398Mon, 01 Jun 2009 02:11:34 GMT91d46819-8472-40ad-a661-2c78acb4018c:9672398 IEBlog CERT Advisory on XPSP2 significantly improves your | Wood TV Stand<p>PingBack from <a rel="nofollow" target="_new" href="http://woodtvstand.info/story.php?id=4277">http://woodtvstand.info/story.php?id=4277</a></p>
<img src="http://blogs.msdn.com/aggbug.aspx?PostID=9672398" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#234274Sat, 25 Sep 2004 22:01:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:234274MP&quot;significantly improves your computer's defenses&quot;...
<br>Ridiculous. How long we use browsers? Many years. And the talk about security is only GROWING since the beginning. It's a shame IE/WinXP still has ANY security holes. The basic design is just wrong. This is because MS main drive is making profits instead of offering security, privacy.
<br>Not to mention the stability and growing system specifications. Mostly because all the easteregg like stuff, way too much unneeded things in Windows/IE, etc. And then MS doesn't offer any tools to remove these unneeded resourceslurkers.
<br>Cut down to the basics (which CAN be enough for 99%, if not all), and we can run Longhorn on a Pentium1 with 64Mb memory.
<br>Oh, and i forgot the embarrasing lock-in strategy (like creating- unneeded-pushed-MS-standards) of MS... Etc.
<br>Plain and honest competition? Not to my standards.<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=234274" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#233802Fri, 24 Sep 2004 09:29:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:233802HethuI don't know whether you guys already know this, but on my XP SP2 with latest Windows updates, this JEPG mage CRASHES IE.
<br>
<br><a target="_new" href="http://sylvana.net/test/AP4.jpg">http://sylvana.net/test/AP4.jpg</a>
<br>
<br>And this is where I found this:
<br>
<br><a target="_new" href="http://it.slashdot.org/comments.pl?sid=122855&amp;cid=10327905">http://it.slashdot.org/comments.pl?sid=122855&amp;cid=10327905</a>
<br>
<br>This is really embarrasing...<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=233802" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#228660Mon, 13 Sep 2004 08:08:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:228660Jeff WaldenTo the IE people:
<br>Sorry about all the people who are essentially spamming here. Sure, Firefox is better, but with SP2 IE is also better -- just not better enough. ;-) We can do better to promote Firefox (and do it more ethically) than to take over the comments section on a blog for a browser that many users don't even realize they're using.
<br>
<br>I don't know whether it's just me or not, but I get the impression that IESP2 isn't really that great a jump in security compared to IE&lt;SP2 in the hands of an intelligent user. The main changes (doubtless there were smaller bugs, many security-oriented, that were fixed -- not huge defense improvements but improvements nonetheless) as I see them are:
<br>
<br>-firewall ON by default
<br>-activex OFF by default, prompt to whitelist by site
<br>-popup blocker added
<br>-somewhat tighter divisions between security zones (?)
<br>
<br>The firewall was off before, but could be enabled if desired. ActiveX was enabled but could be turned off. Granted, the UI for toggling these wasn't really present, so this isn't optimal, but it would seem to make them more UI changes than major features added. Popup blocking might be a security feature in some instances, but I see it more as an annoyance remover as opposed to a security feature. Perhaps those more familiar with software security know of ways that popup blocking would enhance security for the intelligent user.
<br>
<br>Anyways, feel free to add to this list with any other big changes, because I'm interested in hearing exactly what else has changed in SP2 -- my knowledge of the changes is obviously rather lacking.
<br>
<br>Note:
<br>I'm not disputing that IESP2 is definitely worth downloading -- SP2 was my first action after I got a new laptop recently. However, from my knowledge it seems that CERT's advisory title might be slightly overemphasized (or rather, targeted towards the less clueful users).<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=228660" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#227140Thu, 09 Sep 2004 01:10:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:227140BobFirefox s amazing. I haven't had a single problem with it. And just to make sure IE doesn't pop up anymore, I routed all system calls to IE straight to Firefox. :)
<br>
<br><a target="_new" href="http://crackbaby.com/article.php?sid=10093">http://crackbaby.com/article.php?sid=10093</a>
<br>
<br>Can you believe Microsoft told me that they wouldn't include this answer? The site now pops up as the number one site on Google for 'remove internet explorer' :)<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=227140" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#226769Wed, 08 Sep 2004 12:45:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:226769PeterHmmm, guess not. :(<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=226769" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#226768Wed, 08 Sep 2004 12:44:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:226768PeterJust testing if we can leave out the &quot;http://&quot; and still get a clickable link: www.GetFirefox.com<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=226768" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#226767Wed, 08 Sep 2004 12:43:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:226767PeterFor anyone interested in a more secure (and feature-rich) alternative, try:
<br>
<br><a target="_new" href="http://www.GetFirefox.com">http://www.GetFirefox.com</a>
<br>
<br>Competition is good. ;)<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=226767" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#226200Tue, 07 Sep 2004 01:50:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:226200BobAnd yet the CERT advisory on IE still stands... even after SP2. In case you forgot, CERT recommended everyone dump Internet explorer :)
<br>
<br>Microsoft did mention that they plugged this security hole but it can still be routed around using a shell call and hence is an even more scary security hole.<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=226200" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#225358Fri, 03 Sep 2004 18:49:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:225358Robert D.&gt;&gt; &quot;That was before SP2.&quot;
<br>&gt;
<br>&gt; Right, which is XP-only. IIRC, IE6 runs on Windows 98+, sadly enough.
<br>
<br>Ooh, zing!<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=225358" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#225224Fri, 03 Sep 2004 13:34:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:225224TurnipBut all they are basically saying, is that you should get SP2 because there are so many security holes in XP that in order to not be majorly open to attack you need a patched system.<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=225224" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#225223Fri, 03 Sep 2004 13:34:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:225223TurnipBut all they are basically saying, is that you should get SP2 because there are so many security holes in XP that in order to not be majorly open to attack you need a patched system.<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=225223" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#225034Fri, 03 Sep 2004 02:00:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:225034John Good.&quot;That was before SP2.&quot;
<br>
<br>Right, which is XP-only. IIRC, IE6 runs on Windows 98+, sadly enough.<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=225034" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#224840Thu, 02 Sep 2004 18:02:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:224840RobinThat was before SP2.<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=224840" width="1" height="1">re: CERT Advisory on XPSP2 – “significantly improves your computer’s defenses”http://blogs.msdn.com/b/ie/archive/2004/09/01/224331.aspx#224737Thu, 02 Sep 2004 15:32:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:224737TurnipWhat about when they recommended that people use a different browser than IE, to get better security?<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=224737" width="1" height="1">